
http://www.macnn.com/articles/01/04/04/more.security/

More security flaws in AirPort protocols

updated 03:35 am EDT, Wed April 4, 2001

 


A University of Maryland research team has identified several more security flaws in the 802.11 wireless LAN protocol (AirPort technology). The new problems concern the way the protocol handles access control and authorization requests, and include sniffing of the network name, MAC addresses, and the plaintext and ciphertext of the shared keys (we previously noted flaws in the WEP encryption scheme as well):

"Potentially the most serious of the three flaws is a hole that allows an eavesdropper to sniff the name of the network -- which is used as a shared secret for authentication purposes in some 802.11 implementations, including the Lucent Technologies Inc. Orinoco cards that Arbaugh's team used -- and then use the information to access the network. This would be prevented by the WEP (Wireless Equivalent Privacy) encryption used in 802.11, but the messages containing the network name are always broadcast in cleartext, Arbaugh said."


by MacNN Staff


Comments


    More combined research

    For those using both "closed network" à la Lucent AND WEP.

    The report is lacking on the combination of the WEP cracking, and this, together.

    There are many initiatives from 802.11 companies to do better things; check Cisco's new, 3COM's alliance with MS, and 802.11's own WEP 256 bit.

    Orjan Larsson
    orjan@mac.com


    Who cares ?

    Airport is not and was never meant to be a military grade information exchange device. It is not its purpose, so people should not be alarmed when such discoveries are made.

    If you want secure info exchange, use a closed network (i.e. no outside access to a LAN (closed loop)) or encrypt your data. If your data is encrypted, even if it is sent on a clear datapath (like Airport or a phone line), the content will not be accessible.

    As such, buying on-line on a 128 bit encrypted site is as safe using an Airport network as it is when using a standard telephone line...

    All this to say that Airport is a great technology at the right place. You can be assured that Airport was not used in the US Air Force plane that recently crashed in China... ;-)


    802.11b is a fiasco...

    Problem is, the "default" WEP encryption is only 40 bits. That can be broken in just a couple of hours on a standard desktop computer.

    Unlike SSL, where a computer with a key that is only 40 bits long can talk to a server with a key that is 128 bits long, 40-bit WEP and 128-bit WEP cannot interoperate. Therefore, if you have a mix of devices, you can't encrypt anything at all -- otherwise the 40-bit devices couldn't talk to the 128-bit devices.

    Moreover, Apple uses a different scheme for encoding the "shared secret" (a.k.a., password) than everyone else in the 802.11b industry, Lucent/Agere included. This means that if you're in a mixed platform environment, you can't use any encryption. Of course, you also can't mix encrypted and unencrypted devices, so the final result is that many people will be unable to use encryption at all.

    Yes, you can use closed networks and you can configure your wireless hub to accept connections only from those cards you have specifically configured it to listen to, and this means that people can't just walk around outside your house or your business and casually surf your internal network or "netjack" you.

    However, it's trivially easy to use standard network sniffing tools (EtherPeek works just fine with an AirPort card or a Lucent WaveLAN card), grab the network name, grab the Media Access Control (MAC) layer addresses of one or more of the allowed cards, and then you've got full access to the network again.

    Moreover, if you just want to sniff that network and see the traffic, you don't have to do anything at all other than run the sniffing software.

    Finally, even if you are in an environment where you can turn on encryption, it won't matter -- neither 40-bit nor 128-bit encryption will save you from the fact that the easiest way to attack the encryption is through the 24-bit Initialization Vector (IV) which is used in both encryption schemes.

    No, all of 802.11b is pretty much a fiasco. It's better than HomeRF, but that's about the most positive thing I can say about it.

    This comes from a guy with an Apple AirPort base station, and Lucent WaveLAN cards in his PowerBook G3/Pismo and his wife's PC laptop. Basically, we're just plain screwed.
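
The 24-bit IV point raised in the last comment, as an added example that is not part of the original article or its comments: WEP keys RC4 per frame with IV || secret, so a repeated IV repeats the keystream whatever the secret length, and a 24-bit IV space repeats quickly. Assumptions: IVs are chosen at random, the 4-byte ICV is omitted, "128-bit WEP" is modelled as a 104-bit secret plus the 24-bit IV, and all frames and keys are constructed sample values.

```python
import math

IV_BITS = 24  # WEP IV length, as stated in the comment above

def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for key (KSA, then PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def wep_encrypt(iv: bytes, secret: bytes, plaintext: bytes) -> bytes:
    """WEP-style frame encryption: RC4 keyed with IV || secret (ICV omitted)."""
    ks = rc4(iv + secret, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, ks))

def iv_reuse_probability(frames: int, iv_bits: int = IV_BITS) -> float:
    """Birthday approximation of P(some IV repeats) for randomly chosen IVs."""
    return 1.0 - math.exp(-frames * (frames - 1) / (2 * 2 ** iv_bits))

def reuse_leaks_plaintext_xor(secret: bytes) -> bool:
    """True if two frames under one IV expose P1 xor P2 without the secret."""
    iv = bytes.fromhex("a1b2c3")                                     # constructed IV
    p1, p2 = b"constructed frame one..", b"constructed frame two!!"  # constructed
    c1, c2 = wep_encrypt(iv, secret, p1), wep_encrypt(iv, secret, p2)
    lhs = bytes(a ^ b for a, b in zip(c1, c2))   # what an observer can compute
    return lhs == bytes(a ^ b for a, b in zip(p1, p2))

if __name__ == "__main__":
    for name, secret in (("40-bit", bytes(range(5))), ("104-bit", bytes(range(13)))):
        print(name, "secret, IV reuse leaks P1^P2:", reuse_leaks_plaintext_xor(secret))
    for n in (1000, 5000, 20000):
        print(n, "frames -> P(IV reuse) ~", round(iv_reuse_probability(n), 3))
```

Under the random-IV assumption the chance of a repeated IV passes one half at roughly 5,000 frames; an implementation that counts IVs sequentially instead wraps after 2^24 frames.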
